|
280511
|
- |
|
phpwcms
|
phpwcms
|
Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.in…
|
NVD-CWE-Other
|
CVE-2006-2518
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280512
|
- |
|
phpwcms
|
phpwcms
|
Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_r…
|
NVD-CWE-Other
|
CVE-2006-2519
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280513
|
- |
|
bitberry_software
|
bitzipper
|
Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in …
|
NVD-CWE-Other
|
CVE-2006-2520
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280514
|
- |
|
power_place
|
php_easy_galerie
|
PHP remote file inclusion vulnerability in index.php in PHP Easy Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
|
NVD-CWE-Other
|
CVE-2006-2526
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280515
|
- |
|
smartisoft
|
phpbazar
|
Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter t…
|
NVD-CWE-Other
|
CVE-2006-2527
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280516
|
- |
|
snitz_communications
|
avatar_mod
|
avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2006-2530
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280517
|
- |
|
ipswitch
|
whatsup
|
Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Ag…
|
NVD-CWE-Other
|
CVE-2006-2531
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280518
|
- |
|
greg_donald
|
destiney_rated_images_script
|
stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was …
|
NVD-CWE-Other
|
CVE-2006-2532
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280519
|
- |
|
greg_donald
|
destiney_rated_images_script
|
Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote at…
|
NVD-CWE-Other
|
CVE-2006-2533
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280520
|
- |
|
greg_donald
|
destiney_links_script
|
Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes…
|
NVD-CWE-Other
|
CVE-2006-2534
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
